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DETAILED ACTION 



1 . Claims 1-2, 5-26 are pending. 



Response to Arguments 



2. Applicant's arguments filed 12/29/2008 have been fully considered but they are 
not persuasive. 

3. Applicant argues that the cited references fail to teach a notification unit notifying, 
a flow source adjacent to the user's communication network of the determination of the 
countermeasure implementation planning place, when the determination unit 
determines the flow source as the countermeasure implementation planning place for a 
reason that the unauthorized access was flowed into the user's communication network. 
Examiner respectfully disagrees. Talpade teaches a notification unit notifying, a flow 
source adjacent to the user's communication network of the determination of the 
countermeasure implementation planning place, when the determination unit 
determines the flow source as the countermeasure implementation planning place for a 
reason that the unauthorized access was flowed into the user's communication network 
(Talpade, paragraph 0024, automatically mitigates attack by informing affected edge 
routers which are adjacent to customer network, Figure 2 Items 228 and 206). Talpade 
teaches the limitation in question by teaching notifying a router that is adjacent to the 
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customer network that countermeasures should be implemented in order to protect the 
customer network. 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1 ) an application for patent, published under section 1 22(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

4. Claims 1-2, 5-9, 12-18, and 22-26 are rejected under 35 U.S.C. 102(a) as 

being anticipated by Talpade et al US PGPub 2004/0148520. 

5. With regards to claims 1, 13, 18, 26, Talpade teaches a traffic recording unit 
recording information on traffic that flows into a user's communication network (Talpade, 
paragraph 0020, tracks packets), an unauthorized access prevention system (Talpade, 
Abstract, when attack is detected, mitigate the attack), including: a search unit 
searching the flowing-in path of unauthorized access to services disclosed from a user's 
communication network (Talpade, paragraph 0017, sensor 204 detects an attack, traffic 
entering the customer network); a determination unit determining a place to implement a 
countermeasure for protecting the services from the unauthorized access based on the 
result of the search (Talpade, paragraph 0024, automatically mitigates attack by 



Application/Control Number: 10/790,655 Page 4 

Art Unit: 2434 

informing affected edge routers), and a notification unit notifying, a flow source adjacent 
to the user's communication network of the determination of the countermeasure 
implementation planning place, when the determination unit determines the flow source 
as the countermeasure implementation planning place for a reason that the 
unauthorized access was flowed into the user's communication network (Talpade, 
paragraph 0024, automatically mitigates attack by informing affected edge routers which 
are adjacent to customer network, Figure 2 Items 228 and 206). 
6. With regards to claim 2, Talpade teaches a recording medium in which a 
program that directs a computer to implement a countermeasure against unauthorized 
access is recorded and in which the program can be read by the computer, and the 
program directs the computer to perform the following processes by being executed by 
the computer (Talpade, paragraph 0019, host platform): a search process of searching 
the flowing-in path of the unauthorized access to the services disclosed from the user's 
communication network (Talpade, paragraph 0017, sensor 204 detects an attack, traffic 
entering the customer network); a determination process of determining the place to 
implement the countermeasure for protecting the services from the unauthorized access 
based on the result of the search (Talpade, paragraph 0024, automatically mitigates 
attack by informing affected edge routers); and a notification unit notifying, a flow source 
adjacent to the user's communication network of the determination of the 
countermeasure implementation planning place, when the determination unit 
determines the flow source as the countermeasure implementation planning place for a 
reason that the unauthorized access was flowed into the user's communication network 
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(Talpade, paragraph 0024, automatically mitigates attack by informing affected edge 
routers which are adjacent to customer network, Figure 2 Items 228 and 206). 

7. With regards to claim 5, Talpade teaches the process of searching the flowing- 
in path is performed by the computer based on the monitoring information on the traffic 
transmitted by a user's communication network and the unauthorized access 
information indicating the contents of the unauthorized access (Talpade, paragraph 
0020, searching is based upon all traffic entering customer network, searching looks at 
information in headers - sensor two). 

8. With regards to claim 6, Talpade teaches the monitoring information includes at 
least the position information on an edge router arranged on the border between the 
user's communication network and the communication network adjacent to the user's 
communication network and the monitoring information on the traffic that flows into the 
user's communication network via the edge router (Talpade, paragraph 0020, position 
information - monitors all traffic entering a particular customers network, paragraph 
0024, informs all border/edge routers for the customer network to reroute traffic). 

9. With regards to claim 7, Talpade teaches the process of notifying the 
determination to the flow source after mutual attestation is conducted between the 
notification unit and the flow source of the unauthorized access is performed by the 
computer (Talpade, paragraph 0024, new routing information is sent to border/edge 
routers). 

1 0. With regards to claim 8, Talpade teaches the process of notifying the 
determination to the flow source after information on a security policy for the operation 
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of each network is exchanged with the flow source that transmits the unauthorized 
access is performed by the computer (Talpade, paragraph 0024, security policy in the 
form of new routing information is sent to border/edge routers). 

1 1 . With regards to claim 9, Talpade teaches information on a security policy is the 
information indicating the time required till the countermeasure against the unauthorized 
access is cancelled after the unauthorized access is not detected any more (Talpade, 
paragraph 0028, periodic polling to determine if attack has completed). 

12. With regards to claim 12, Talpade teaches the process of notifying the flow 
source of the unauthorized access of the determination using the communication path 
that differs from the flowing-in path of the unauthorized access is performed by the 
computer (Talpade, paragraph 0023, notification is provided through IP tunnels). 

1 3. With regards to claim 14, Talpade teaches the judgment is made based on the 
judgment information on the flow source that is given in advance (Talpade, paragraph 
0020, judgment whether to send notification determined from sensor findings in 
advance of sending notification). 

14. With regards to claim 15, Talpade teaches that by having the program 
executed by the computer; the unauthorized access countermeasure implementation 
control process that has the countermeasure for protecting the services from the 
unauthorized access implemented in the user's communication network based on the 
determination that said countermeasure is implemented in the user's communication 
network is performed by the computer (Talpade, paragraph 0024, implemented by 
analysis engine and filter router). 
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15. With regards to claim 16, Talpade teaches the process of implementing the 
countermeasure in the POP (point of presence) edge router to which the flow source of 
the unauthorized access is connected is performed by the computer (Talpade, 
paragraph 0024, new routing information is sent to border/edge routers). 

16. With regards to claim 17, Talpade teaches the process of identifying the POP 
edge router to which the transmitter that transmits the unauthorized access is 
connected based on the information obtained from the operation management system 
that manages the operation of the user's communication network is further performed by 
the computer (Talpade, paragraph 0024, analysis engine/ISP manager/filter routers 
determine provide new routing tables to mitigate attack). 

17. With regards to claim 22, Talpade teaches that by having the program 
executed by the computer; the process-of obtaining a notification of the determination 
that unauthorized access to the services disclosed from a communication network 
different from the user's communication network is made to flow into said other 
communication network is performed by the computer (Talpade, paragraph 0017, 
sensor 204 detects an attack, traffic entering the customer network); the process of 
searching the flowing-in path of the unauthorized access related to the notification in the 
user's communication network when the notification is obtained by the notification 
obtaining process is performed by the computer (Talpade, paragraph 0017, sensor 204 
detects an attack); the process of determining the place to implement the 
countermeasure for protecting the services disclosed from said other communication 
network from the unauthorized access related to the notification based on the result of 
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the search when the notification is obtained by the notification obtaining process is 
performed by the computer (Talpade, paragraph 0024, analysis engine/ISP 
manager/filter routers determine provide new routing tables to mitigate attack), and the 
process of notifying, according to a determination that the countermeasure is 
implemented in the flow source that makes the unauthorized access related to the 
notification flow into the user's communication network when the notification is obtained 
by the notification obtaining process, the determination to the flow source is performed 
by the computer (Talpade, paragraph 0024). 

18. With regards to claim 23, Talpade teaches that by having the program 
executed by the computer; the unauthorized access countermeasure implementation 
control process that has the countermeasure for protecting the services disclosed from 
the user's communication network or the other communication network from the 
unauthorized access related to the notification implemented in the communication 
network of the notification source of the notification when the notification obtained by 
said notification obtaining process is the same as that obtained in the past is further 
performed by the computer (Talpade, paragraph 0024, countermeasures for all attacks 
created by implementing new routing information that is sent to the border and edge 
routers). 

1 9. With regards to claim 24, Talpade teaches the process of notifying the 
information that uniquely identifies the unauthorized access related to the notification 
when the determination is notified is performed by the computer (Talpade, paragraph 
0022, notification of attack is sent by sensor). 
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20. With regards to claim 25, Talpade teaches having the program executed by the 
computer; the process of recording the history of the notification is further performed by 
the computer (Talpade, paragraph 0028, record of notifications stored such that 
analysis engine can later determine if the attack is completed). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

21. Claims 10-11, 19-21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Talpade et al US PGPub 2004/0148520 in view of Kaler et al US 
PGPub 2004/0003286. 

22. With regards to claim 10, Talpade fails to teach that the time indicated by the 
information on the security policy differs between the user communication network and 
the flow source, a shorter time of the two is used as the time required till the 
countermeasure against unauthorized access is cancelled after the unauthorized 
access is not detected any more. However, Kaler teaches that the time indicated by the 
information on the security policy differs between the user communication network and 
the flow source, a shorter time of the two is used as the time required till the 
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countermeasure against unauthorized access is cancelled after the unauthorized 
access is not detected any more (Kaler, paragraph 0036, time period for 
countermeasures if predefined in the threat source). At the time the invention was 
made, it would have been obvious to a person of ordinary skill in the art to utilize Kaler's 
method of timing countermeasures because it offers the advantage of increasing 
security and efficiency by allowing a countermeasure's time of enactment to be 
dependent upon the severity of the attack (Kaler, paragraph 0036). 

23. With regards to claim 1 1 , Talpade as modified teaches the process of notifying 
the flow source of the determination and the information indicating the time required till 
the countermeasure against the unauthorized access is cancelled after the 
unauthorized access is not detected any more is performed by the computer (Kaler, 
paragraph 0036, time period for countermeasures if predefined in the threat source, 
paragraph 0021, computer device). 

24. With regards to claim 19, Talpade teaches the countermeasure implemented 
by the unauthorized access countermeasure implementation control process is 
cancelled after the unauthorized access is not detected any more (Talpade, paragraph 
0028, determine when the attack is completed), but fails to teach a preset time. 
However, Kaler teaches a preset time for cancellation of countermeasures (Kaler, 
paragraph 0036, time period for countermeasures if predefined in the threat source). At 
the time the invention was made, it would have been obvious to a person of ordinary 
skill in the art to utilize Kaler's method of timing countermeasures because it offers the 
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advantage of increasing security and efficiency by allowing a countermeasure's time of 
enactment to be dependent upon the severity of the attack (Kaler, paragraph 0036). 

25. With regards to claim 20, Talpade as modified teaches the preset time is set 
based on the security policy on the network operation of both the user's communication 
network and the other communication network (Kaler, paragraph 0036, time period for 
countermeasures if predefined in the threat source depending on severity of the threat). 

26. With regards to claim 21 , Talpade as modified teaches that when the times set 
between the user's communication network and the other communication network 
based on the security policy on the network operation of both networks differ between 
both networks, the countermeasure is cancelled after the unauthorized access is not 
detected any more and a shorter time of the two passes (Talpade, paragraph 0028, 
determine when the attack is completed, Kaler, paragraph 0036, time period for 
countermeasures if predefined in the threat source). 



Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to ANDREW L. NALVEN whose telephone number is 
(571)272-3839. The examiner can normally be reached on Monday - Thursday 8-6, 
Alternate Fridays. 
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If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kambiz Zand can be reached on 571 272 381 1 . The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Andrew L Nalven/ 

Primary Examiner, Art Unit 2434 



